[pacman-dev] [WIP 0/4] Dynamic Users

Andrew Gregory andrew.gregory.8 at gmail.com
Sat Mar 19 13:50:13 UTC 2016 

Packages with files owned by dynamically created users/groups have to create
the user and chown the files in a post_install/post_upgrade install script.
This makes pacman's database out of sync with the filesystem.  See FS#43484.

This patchset makes alpm/pacman aware of symbolic usernames and uses fakeuser
(https://github.com/progandy/fakeuser) to provide a method for PKGBUILDs to add
fake users.

alpm will still fall back to the raw uid if it has not already been assigned,
so packages that add users in post_install/post_upgrade will continue to work
correctly, but should be changed to use pre_install/pre_upgrade instead.

The makepkg portions should be complete, other than documentation.  The
alpm/pacman portions still need to be optimized to use a cache so that we don't
have to consult /etc/{passwd,group} for every single file.

*NOTE*: there is a bug in libarchive that prevents the symlink check from
working with this patchset.  This will be fixed in the next release.

PKGBUILD
========
  pkgname=dynamic-users-test
  pkgver=1
  pkgrel=1
  arch=(any)
  install=dynamic-users-test.install
  
  # entries are in passwd(5)/group(5) format, empty trailing fields can be omitted
  sysusers=('myuser')
  sysgroups=('mygroup')
  
  package() {
      touch "$pkgdir/testfile"
      chown myuser:mygroup "$pkgdir/testfile"
  }

dynamic-users-test.install
==========================
  pre_install() {
      getent passwd myuser &>/dev/null || useradd --system myuser
      getent group mygroup &>/dev/null || groupadd --system mygroup
  }
  
  pre_upgrade() {
      pre_install
  }

Andrew Gregory (4):
  use custom uid/gid lookup functions
  makepkg add sysusers during package()
  makepkg: store symbolic user/group names in mtree
  check_file_permissions: use symbolic user/group names if available

 lib/libalpm/add.c                  | 32 ++++++++++++++++++-
 scripts/Makefile.am                |  2 ++
 scripts/libmakepkg/.gitignore      |  2 ++
 scripts/libmakepkg/sysgroups.sh.in | 60 +++++++++++++++++++++++++++++++++++
 scripts/libmakepkg/sysusers.sh.in  | 65 ++++++++++++++++++++++++++++++++++++++
 scripts/makepkg.sh.in              |  6 ++--
 src/pacman/check.c                 | 46 +++++++++++++++++++++------
 7 files changed, 200 insertions(+), 13 deletions(-)
 create mode 100644 scripts/libmakepkg/sysgroups.sh.in
 create mode 100644 scripts/libmakepkg/sysusers.sh.in

-- 
2.7.2

More information about the pacman-dev mailing list